<!DOCTYPE HTML>

<html lang="en">
<head>

<title>HttpSecurity (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="HttpSecurity (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10,"i20":10,"i21":10,"i22":10,"i23":10,"i24":10,"i25":10,"i26":10,"i27":10,"i28":10,"i29":10,"i30":10,"i31":10,"i32":10,"i33":10,"i34":10,"i35":10,"i36":10,"i37":42,"i38":42,"i39":10,"i40":10,"i41":10,"i42":10,"i43":10,"i44":10,"i45":10,"i46":10,"i47":10,"i48":10,"i49":10,"i50":10,"i51":10,"i52":10,"i53":10,"i54":10,"i55":10,"i56":10,"i57":10,"i58":10,"i59":10,"i60":10,"i61":10,"i62":10,"i63":10,"i64":10,"i65":10,"i66":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"],32:["t6","Deprecated Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="HttpSecurity.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="HttpSecurity.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.config.annotation.web.builders</a></div>
<h2 title="Class HttpSecurity" class="title">Class HttpSecurity</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li><a href="../../AbstractSecurityBuilder.html" title="class in org.springframework.security.config.annotation">org.springframework.security.config.annotation.AbstractSecurityBuilder</a>&lt;O&gt;</li>
<li>
<ul class="inheritance">
<li><a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</li>
<li>
<ul class="inheritance">
<li>org.springframework.security.config.annotation.web.builders.HttpSecurity</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation">SecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>&gt;</code>, <code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
</dl>
<hr>
<pre>public final class <span class="typeNameLabel">HttpSecurity</span>
extends <a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractConfiguredSecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;
implements <a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation">SecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>&gt;, <a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</pre>
<div class="block">A <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> is similar to Spring Security's XML &lt;http&gt; element in the
namespace configuration. It allows configuring web based security for specific http
requests. By default it will be applied to all requests, but can be restricted using
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a> or other similar methods.
<h2>Example Usage</h2>
The most basic form based configuration can be seen below. The configuration will
require that any URL that is requested will require a User with the role "ROLE_USER".
It also defines an in memory authentication scheme with a user that has the username
"user", the password "password", and the role "ROLE_USER". For additional examples,
refer to the Java Doc of individual methods on <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>3.2</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configuration/EnableWebSecurity.html" title="annotation in org.springframework.security.config.annotation.web.configuration"><code>EnableWebSecurity</code></a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="nested.class.summary">

</a>
<h3>Nested Class Summary</h3>
<table class="memberSummary">
<caption><span>Nested Classes</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Class</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.MvcMatchersRequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.MvcMatchersRequestMatcherConfigurer</a></span></code></th>
<td class="colLast">
<div class="block">An extension to <a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity.RequestMatcherConfigurer</code></a> that allows optionally configuring
the servlet path.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.RequestMatcherConfigurer</a></span></code></th>
<td class="colLast">
<div class="block">Allows mapping HTTP requests that this <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> will be used for</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#%3Cinit%3E(org.springframework.security.config.annotation.ObjectPostProcessor,org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder,java.util.Map)">HttpSecurity</a></span>&#8203;(<a href="../../ObjectPostProcessor.html" title="interface in org.springframework.security.config.annotation">ObjectPostProcessor</a>&lt;java.lang.Object&gt;&nbsp;objectPostProcessor,
<a href="../../authentication/builders/AuthenticationManagerBuilder.html" title="class in org.springframework.security.config.annotation.authentication.builders">AuthenticationManagerBuilder</a>&nbsp;authenticationBuilder,
java.util.Map&lt;java.lang.Class&lt;?&gt;,&#8203;java.lang.Object&gt;&nbsp;sharedObjects)</code></th>
<td class="colLast">
<div class="block">Creates a new instance</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t6" class="tableTab"><span><a href="javascript:show(32);">Deprecated Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#addFilter(javax.servlet.Filter)">addFilter</a></span>&#8203;(javax.servlet.Filter&nbsp;filter)</code></th>
<td class="colLast">
<div class="block">Adds a <code>Filter</code> that must be an instance of or extend one of the Filters
provided within the Security framework.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#addFilterAfter(javax.servlet.Filter,java.lang.Class)">addFilterAfter</a></span>&#8203;(javax.servlet.Filter&nbsp;filter,
java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;afterFilter)</code></th>
<td class="colLast">
<div class="block">Allows adding a <code>Filter</code> after one of the known <code>Filter</code> classes.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#addFilterAt(javax.servlet.Filter,java.lang.Class)">addFilterAt</a></span>&#8203;(javax.servlet.Filter&nbsp;filter,
java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;atFilter)</code></th>
<td class="colLast">
<div class="block">Adds the Filter at the location of the specified Filter class.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#addFilterBefore(javax.servlet.Filter,java.lang.Class)">addFilterBefore</a></span>&#8203;(javax.servlet.Filter&nbsp;filter,
java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;beforeFilter)</code></th>
<td class="colLast">
<div class="block">Allows adding a <code>Filter</code> before one of the known <code>Filter</code> classes.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code><a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AnonymousConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#anonymous()">anonymous</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring how an anonymous user is represented.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#anonymous(org.springframework.security.config.Customizer)">anonymous</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AnonymousConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;anonymousCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring how an anonymous user is represented.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#antMatcher(java.lang.String)">antMatcher</a></span>&#8203;(java.lang.String&nbsp;antPattern)</code></th>
<td class="colLast">
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided ant pattern.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authenticationManager(org.springframework.security.authentication.AuthenticationManager)">authenticationManager</a></span>&#8203;(<a href="../../../../authentication/AuthenticationManager.html" title="interface in org.springframework.security.authentication">AuthenticationManager</a>&nbsp;authenticationManager)</code></th>
<td class="colLast">
<div class="block">Configure the default <a href="../../../../authentication/AuthenticationManager.html" title="interface in org.springframework.security.authentication"><code>AuthenticationManager</code></a>.</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)">authenticationProvider</a></span>&#8203;(<a href="../../../../authentication/AuthenticationProvider.html" title="interface in org.springframework.security.authentication">AuthenticationProvider</a>&nbsp;authenticationProvider)</code></th>
<td class="colLast">
<div class="block">Allows adding an additional <a href="../../../../authentication/AuthenticationProvider.html" title="interface in org.springframework.security.authentication"><code>AuthenticationProvider</code></a> to be used</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code><a href="../configurers/AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authorizeHttpRequests()">authorizeHttpRequests</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authorizeHttpRequests(org.springframework.security.config.Customizer)">authorizeHttpRequests</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry</a>&gt;&nbsp;authorizeHttpRequestsCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code><a href="../configurers/ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authorizeRequests()">authorizeRequests</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#authorizeRequests(org.springframework.security.config.Customizer)">authorizeRequests</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry</a>&gt;&nbsp;authorizeRequestsCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e.</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code>protected void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#beforeConfigure()">beforeConfigure</a></span>()</code></th>
<td class="colLast">
<div class="block">Invoked prior to invoking each
<a href="../../SecurityConfigurer.html#configure(B)"><code>SecurityConfigurer.configure(SecurityBuilder)</code></a> method.</div>
</td>
</tr>
<tr id="i14" class="altColor">
<td class="colFirst"><code><a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CorsConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#cors()">cors</a></span>()</code></th>
<td class="colLast">
<div class="block">Adds a <code>CorsFilter</code> to be used.</div>
</td>
</tr>
<tr id="i15" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#cors(org.springframework.security.config.Customizer)">cors</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CorsConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;corsCustomizer)</code></th>
<td class="colLast">
<div class="block">Adds a <code>CorsFilter</code> to be used.</div>
</td>
</tr>
<tr id="i16" class="altColor">
<td class="colFirst"><code><a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CsrfConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#csrf()">csrf</a></span>()</code></th>
<td class="colLast">
<div class="block">Enables CSRF protection.</div>
</td>
</tr>
<tr id="i17" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#csrf(org.springframework.security.config.Customizer)">csrf</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CsrfConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;csrfCustomizer)</code></th>
<td class="colLast">
<div class="block">Enables CSRF protection.</div>
</td>
</tr>
<tr id="i18" class="altColor">
<td class="colFirst"><code><a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ExceptionHandlingConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#exceptionHandling()">exceptionHandling</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring exception handling.</div>
</td>
</tr>
<tr id="i19" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#exceptionHandling(org.springframework.security.config.Customizer)">exceptionHandling</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ExceptionHandlingConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;exceptionHandlingCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring exception handling.</div>
</td>
</tr>
<tr id="i20" class="altColor">
<td class="colFirst"><code><a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">FormLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#formLogin()">formLogin</a></span>()</code></th>
<td class="colLast">
<div class="block">Specifies to support form based authentication.</div>
</td>
</tr>
<tr id="i21" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#formLogin(org.springframework.security.config.Customizer)">formLogin</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">FormLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;formLoginCustomizer)</code></th>
<td class="colLast">
<div class="block">Specifies to support form based authentication.</div>
</td>
</tr>
<tr id="i22" class="altColor">
<td class="colFirst"><code><a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#headers()">headers</a></span>()</code></th>
<td class="colLast">
<div class="block">Adds the Security headers to the response.</div>
</td>
</tr>
<tr id="i23" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#headers(org.springframework.security.config.Customizer)">headers</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;headersCustomizer)</code></th>
<td class="colLast">
<div class="block">Adds the Security headers to the response.</div>
</td>
</tr>
<tr id="i24" class="altColor">
<td class="colFirst"><code><a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HttpBasicConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#httpBasic()">httpBasic</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures HTTP Basic authentication.</div>
</td>
</tr>
<tr id="i25" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#httpBasic(org.springframework.security.config.Customizer)">httpBasic</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HttpBasicConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;httpBasicCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures HTTP Basic authentication.</div>
</td>
</tr>
<tr id="i26" class="altColor">
<td class="colFirst"><code><a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">JeeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#jee()">jee</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures container based pre authentication.</div>
</td>
</tr>
<tr id="i27" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#jee(org.springframework.security.config.Customizer)">jee</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">JeeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;jeeCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures container based pre authentication.</div>
</td>
</tr>
<tr id="i28" class="altColor">
<td class="colFirst"><code><a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#logout()">logout</a></span>()</code></th>
<td class="colLast">
<div class="block">Provides logout support.</div>
</td>
</tr>
<tr id="i29" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#logout(org.springframework.security.config.Customizer)">logout</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;logoutCustomizer)</code></th>
<td class="colLast">
<div class="block">Provides logout support.</div>
</td>
</tr>
<tr id="i30" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#mvcMatcher(java.lang.String)">mvcMatcher</a></span>&#8203;(java.lang.String&nbsp;mvcPattern)</code></th>
<td class="colLast">
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided Spring MVC pattern.</div>
</td>
</tr>
<tr id="i31" class="rowColor">
<td class="colFirst"><code><a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2ClientConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2Client()">oauth2Client</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Client support.</div>
</td>
</tr>
<tr id="i32" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2Client(org.springframework.security.config.Customizer)">oauth2Client</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2ClientConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2ClientCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Client support.</div>
</td>
</tr>
<tr id="i33" class="rowColor">
<td class="colFirst"><code><a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2Login()">oauth2Login</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.</div>
</td>
</tr>
<tr id="i34" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2Login(org.springframework.security.config.Customizer)">oauth2Login</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2LoginCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.</div>
</td>
</tr>
<tr id="i35" class="rowColor">
<td class="colFirst"><code><a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource">OAuth2ResourceServerConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2ResourceServer()">oauth2ResourceServer</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Resource Server support.</div>
</td>
</tr>
<tr id="i36" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#oauth2ResourceServer(org.springframework.security.config.Customizer)">oauth2ResourceServer</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource">OAuth2ResourceServerConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2ResourceServerCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Resource Server support.</div>
</td>
</tr>
<tr id="i37" class="rowColor">
<td class="colFirst"><code><a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid">OpenIDLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#openidLogin()">openidLogin</a></span>()</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
supported by <code>spring-security-oauth2</code>.</div>
</div>
</td>
</tr>
<tr id="i38" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#openidLogin(org.springframework.security.config.Customizer)">openidLogin</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid">OpenIDLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;openidLoginCustomizer)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
supported by <code>spring-security-oauth2</code>.</div>
</div>
</td>
</tr>
<tr id="i39" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#passwordManagement(org.springframework.security.config.Customizer)">passwordManagement</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/PasswordManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PasswordManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;passwordManagementCustomizer)</code></th>
<td class="colLast">
<div class="block">Adds support for the password management.</div>
</td>
</tr>
<tr id="i40" class="altColor">
<td class="colFirst"><code>protected <a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#performBuild()">performBuild</a></span>()</code></th>
<td class="colLast">
<div class="block">Subclasses must implement this method to build the object that is being returned.</div>
</td>
</tr>
<tr id="i41" class="rowColor">
<td class="colFirst"><code><a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PortMapperConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#portMapper()">portMapper</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring a <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> that is available from
<a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObject(java.lang.Class)"><code>AbstractConfiguredSecurityBuilder.getSharedObject(Class)</code></a>.</div>
</td>
</tr>
<tr id="i42" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#portMapper(org.springframework.security.config.Customizer)">portMapper</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PortMapperConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;portMapperCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring a <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> that is available from
<a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObject(java.lang.Class)"><code>AbstractConfiguredSecurityBuilder.getSharedObject(Class)</code></a>.</div>
</td>
</tr>
<tr id="i43" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#regexMatcher(java.lang.String)">regexMatcher</a></span>&#8203;(java.lang.String&nbsp;pattern)</code></th>
<td class="colLast">
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided regex pattern.</div>
</td>
</tr>
<tr id="i44" class="altColor">
<td class="colFirst"><code><a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RememberMeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#rememberMe()">rememberMe</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring of Remember Me authentication.</div>
</td>
</tr>
<tr id="i45" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#rememberMe(org.springframework.security.config.Customizer)">rememberMe</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RememberMeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;rememberMeCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring of Remember Me authentication.</div>
</td>
</tr>
<tr id="i46" class="altColor">
<td class="colFirst"><code><a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RequestCacheConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requestCache()">requestCache</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring the Request Cache.</div>
</td>
</tr>
<tr id="i47" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requestCache(org.springframework.security.config.Customizer)">requestCache</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RequestCacheConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;requestCacheCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring the Request Cache.</div>
</td>
</tr>
<tr id="i48" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)">requestMatcher</a></span>&#8203;(<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher">RequestMatcher</a>&nbsp;requestMatcher)</code></th>
<td class="colLast">
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a>.</div>
</td>
</tr>
<tr id="i49" class="rowColor">
<td class="colFirst"><code><a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.RequestMatcherConfigurer</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requestMatchers()">requestMatchers</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows specifying which <code>HttpServletRequest</code> instances this
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> will be invoked on.</div>
</td>
</tr>
<tr id="i50" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requestMatchers(org.springframework.security.config.Customizer)">requestMatchers</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.RequestMatcherConfigurer</a>&gt;&nbsp;requestMatcherCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows specifying which <code>HttpServletRequest</code> instances this
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> will be invoked on.</div>
</td>
</tr>
<tr id="i51" class="rowColor">
<td class="colFirst"><code><a href="../configurers/ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ChannelSecurityConfigurer.ChannelRequestMatcherRegistry</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requiresChannel()">requiresChannel</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures channel security.</div>
</td>
</tr>
<tr id="i52" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#requiresChannel(org.springframework.security.config.Customizer)">requiresChannel</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ChannelSecurityConfigurer.ChannelRequestMatcherRegistry</a>&gt;&nbsp;requiresChannelCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures channel security.</div>
</td>
</tr>
<tr id="i53" class="rowColor">
<td class="colFirst"><code><a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#saml2Login()">saml2Login</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an SAML 2.0 Service Provider.</div>
</td>
</tr>
<tr id="i54" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#saml2Login(org.springframework.security.config.Customizer)">saml2Login</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;saml2LoginCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an SAML 2.0 Service Provider.</div>
</td>
</tr>
<tr id="i55" class="rowColor">
<td class="colFirst"><code><a href="../configurers/saml2/Saml2LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#saml2Logout()">saml2Logout</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures logout support for an SAML 2.0 Relying Party.</div>
</td>
</tr>
<tr id="i56" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#saml2Logout(org.springframework.security.config.Customizer)">saml2Logout</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/saml2/Saml2LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;saml2LogoutCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures logout support for an SAML 2.0 Relying Party.</div>
</td>
</tr>
<tr id="i57" class="rowColor">
<td class="colFirst"><code><a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SecurityContextConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#securityContext()">securityContext</a></span>()</code></th>
<td class="colLast">
<div class="block">Sets up management of the <a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a> on the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a> between <code>HttpServletRequest</code>'s.</div>
</td>
</tr>
<tr id="i58" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#securityContext(org.springframework.security.config.Customizer)">securityContext</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SecurityContextConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;securityContextCustomizer)</code></th>
<td class="colLast">
<div class="block">Sets up management of the <a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a> on the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a> between <code>HttpServletRequest</code>'s.</div>
</td>
</tr>
<tr id="i59" class="rowColor">
<td class="colFirst"><code><a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ServletApiConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#servletApi()">servletApi</a></span>()</code></th>
<td class="colLast">
<div class="block">Integrates the <code>HttpServletRequest</code> methods with the values found on the
<a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a>.</div>
</td>
</tr>
<tr id="i60" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#servletApi(org.springframework.security.config.Customizer)">servletApi</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ServletApiConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;servletApiCustomizer)</code></th>
<td class="colLast">
<div class="block">Integrates the <code>HttpServletRequest</code> methods with the values found on the
<a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a>.</div>
</td>
</tr>
<tr id="i61" class="rowColor">
<td class="colFirst"><code><a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SessionManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#sessionManagement()">sessionManagement</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows configuring of Session Management.</div>
</td>
</tr>
<tr id="i62" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#sessionManagement(org.springframework.security.config.Customizer)">sessionManagement</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SessionManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;sessionManagementCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuring of Session Management.</div>
</td>
</tr>
<tr id="i63" class="rowColor">
<td class="colFirst"><code>&lt;C&gt;&nbsp;void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#setSharedObject(java.lang.Class,C)">setSharedObject</a></span>&#8203;(java.lang.Class&lt;C&gt;&nbsp;sharedType,
C&nbsp;object)</code></th>
<td class="colLast">
<div class="block">Sets an object that is shared by multiple <a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation"><code>SecurityConfigurer</code></a>.</div>
</td>
</tr>
<tr id="i64" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#userDetailsService(org.springframework.security.core.userdetails.UserDetailsService)">userDetailsService</a></span>&#8203;(<a href="../../../../core/userdetails/UserDetailsService.html" title="interface in org.springframework.security.core.userdetails">UserDetailsService</a>&nbsp;userDetailsService)</code></th>
<td class="colLast">
<div class="block">Allows adding an additional <a href="../../../../core/userdetails/UserDetailsService.html" title="interface in org.springframework.security.core.userdetails"><code>UserDetailsService</code></a> to be used</div>
</td>
</tr>
<tr id="i65" class="rowColor">
<td class="colFirst"><code><a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers">X509Configurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#x509()">x509</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures X509 based pre authentication.</div>
</td>
</tr>
<tr id="i66" class="altColor">
<td class="colFirst"><code><a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HttpSecurity.html#x509(org.springframework.security.config.Customizer)">x509</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers">X509Configurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;x509Customizer)</code></th>
<td class="colLast">
<div class="block">Configures X509 based pre authentication.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.config.annotation.<a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractConfiguredSecurityBuilder</a></h3>
<code><a href="../../AbstractConfiguredSecurityBuilder.html#apply(C)">apply</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#beforeInit()">beforeInit</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#doBuild()">doBuild</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#getConfigurer(java.lang.Class)">getConfigurer</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#getConfigurers(java.lang.Class)">getConfigurers</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#getOrBuild()">getOrBuild</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObject(java.lang.Class)">getSharedObject</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObjects()">getSharedObjects</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#objectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor)">objectPostProcessor</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#postProcess(P)">postProcess</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#removeConfigurer(java.lang.Class)">removeConfigurer</a>, <a href="../../AbstractConfiguredSecurityBuilder.html#removeConfigurers(java.lang.Class)">removeConfigurers</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.AbstractSecurityBuilder">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.config.annotation.<a href="../../AbstractSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractSecurityBuilder</a></h3>
<code><a href="../../AbstractSecurityBuilder.html#build()">build</a>, <a href="../../AbstractSecurityBuilder.html#getObject()">getObject</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.web.HttpSecurityBuilder">

</a>
<h3>Methods inherited from interface&nbsp;org.springframework.security.config.annotation.web.<a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a></h3>
<code><a href="../HttpSecurityBuilder.html#getConfigurer(java.lang.Class)">getConfigurer</a>, <a href="../HttpSecurityBuilder.html#getSharedObject(java.lang.Class)">getSharedObject</a>, <a href="../HttpSecurityBuilder.html#removeConfigurer(java.lang.Class)">removeConfigurer</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.SecurityBuilder">

</a>
<h3>Methods inherited from interface&nbsp;org.springframework.security.config.annotation.<a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation">SecurityBuilder</a></h3>
<code><a href="../../SecurityBuilder.html#build()">build</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;(org.springframework.security.config.annotation.ObjectPostProcessor,org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder,java.util.Map)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>HttpSecurity</h4>
<pre>public&nbsp;HttpSecurity&#8203;(<a href="../../ObjectPostProcessor.html" title="interface in org.springframework.security.config.annotation">ObjectPostProcessor</a>&lt;java.lang.Object&gt;&nbsp;objectPostProcessor,
                    <a href="../../authentication/builders/AuthenticationManagerBuilder.html" title="class in org.springframework.security.config.annotation.authentication.builders">AuthenticationManagerBuilder</a>&nbsp;authenticationBuilder,
                    java.util.Map&lt;java.lang.Class&lt;?&gt;,&#8203;java.lang.Object&gt;&nbsp;sharedObjects)</pre>
<div class="block">Creates a new instance</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>objectPostProcessor</code> - the <a href="../../ObjectPostProcessor.html" title="interface in org.springframework.security.config.annotation"><code>ObjectPostProcessor</code></a> that should be used</dd>
<dd><code>authenticationBuilder</code> - the <a href="../../authentication/builders/AuthenticationManagerBuilder.html" title="class in org.springframework.security.config.annotation.authentication.builders"><code>AuthenticationManagerBuilder</code></a> to use for
additional updates</dd>
<dd><code>sharedObjects</code> - the shared Objects to initialize the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> with</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configuration/WebSecurityConfiguration.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfiguration</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="openidLogin()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>openidLogin</h4>
<pre class="methodSignature">@Deprecated
public&nbsp;<a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid">OpenIDLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;openidLogin()
                                                throws java.lang.Exception</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
supported by <code>spring-security-oauth2</code>.</div>
</div>
<div class="block">Allows configuring OpenID based authentication.
<h2>Example Configurations</h2>
A basic example accepting the defaults and not using attribute exchange:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().openidLogin()
                                .permitAll();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication()
                                // the username must match the OpenID of the user you are
                                // logging in with
                                .withUser(
                                                &quot;https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU&quot;)
                                .password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
A more advanced example demonstrating using attribute exchange and providing a
custom AuthenticationUserDetailsService that will make any user that authenticates
a valid user.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) {
                http.authorizeRequests()
                                .antMatchers(&quot;/**&quot;)
                                .hasRole(&quot;USER&quot;)
                                .and()
                                .openidLogin()
                                .loginPage(&quot;/login&quot;)
                                .permitAll()
                                .authenticationUserDetailsService(
                                                new AutoProvisioningUserDetailsService())
                                .attributeExchange(&quot;https://www.google.com/.*&quot;).attribute(&quot;email&quot;)
                                .type(&quot;https://axschema.org/contact/email&quot;).required(true).and()
                                .attribute(&quot;firstname&quot;).type(&quot;https://axschema.org/namePerson/first&quot;)
                                .required(true).and().attribute(&quot;lastname&quot;)
                                .type(&quot;https://axschema.org/namePerson/last&quot;).required(true).and().and()
                                .attributeExchange(&quot;.*yahoo.com.*&quot;).attribute(&quot;email&quot;)
                                .type(&quot;https://schema.openid.net/contact/email&quot;).required(true).and()
                                .attribute(&quot;fullname&quot;).type(&quot;https://axschema.org/namePerson&quot;)
                                .required(true).and().and().attributeExchange(&quot;.*myopenid.com.*&quot;)
                                .attribute(&quot;email&quot;).type(&quot;https://schema.openid.net/contact/email&quot;)
                                .required(true).and().attribute(&quot;fullname&quot;)
                                .type(&quot;https://schema.openid.net/namePerson&quot;).required(true);
        }
 }

 public class AutoProvisioningUserDetailsService implements
                AuthenticationUserDetailsService&lt;OpenIDAuthenticationToken&gt; {
        public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
                        throws UsernameNotFoundException {
                return new User(token.getName(), &quot;NOTUSED&quot;,
                                AuthorityUtils.createAuthorityList(&quot;ROLE_USER&quot;));
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid"><code>OpenIDLoginConfigurer</code></a> for further customizations.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid"><code>OpenIDLoginConfigurer</code></a></dd>
</dl>
</li>
</ul>
<a id="openidLogin(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>openidLogin</h4>
<pre class="methodSignature">@Deprecated
public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;openidLogin&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid">OpenIDLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;openidLoginCustomizer)
                         throws java.lang.Exception</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
supported by <code>spring-security-oauth2</code>.</div>
</div>
<div class="block">Allows configuring OpenID based authentication.
<h2>Example Configurations</h2>
A basic example accepting the defaults and not using attribute exchange:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .openidLogin((openidLogin) -&gt;
                                openidLogin
                                        .permitAll()
                        );
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication()
                                // the username must match the OpenID of the user you are
                                // logging in with
                                .withUser(
                                                &quot;https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU&quot;)
                                .password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
A more advanced example demonstrating using attribute exchange and providing a
custom AuthenticationUserDetailsService that will make any user that authenticates
a valid user.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .openidLogin((openidLogin) -&gt;
                                openidLogin
                                        .loginPage(&quot;/login&quot;)
                                        .permitAll()
                                        .authenticationUserDetailsService(
                                                new AutoProvisioningUserDetailsService())
                                        .attributeExchange((googleExchange) -&gt;
                                                googleExchange
                                                        .identifierPattern(&quot;https://www.google.com/.*&quot;)
                                                        .attribute((emailAttribute) -&gt;
                                                                emailAttribute
                                                                        .name(&quot;email&quot;)
                                                                        .type(&quot;https://axschema.org/contact/email&quot;)
                                                                        .required(true)
                                                        )
                                                        .attribute((firstnameAttribute) -&gt;
                                                                firstnameAttribute
                                                                        .name(&quot;firstname&quot;)
                                                                        .type(&quot;https://axschema.org/namePerson/first&quot;)
                                                                        .required(true)
                                                        )
                                                        .attribute((lastnameAttribute) -&gt;
                                                                lastnameAttribute
                                                                        .name(&quot;lastname&quot;)
                                                                        .type(&quot;https://axschema.org/namePerson/last&quot;)
                                                                        .required(true)
                                                        )
                                        )
                                        .attributeExchange((yahooExchange) -&gt;
                                                yahooExchange
                                                        .identifierPattern(&quot;.*yahoo.com.*&quot;)
                                                        .attribute((emailAttribute) -&gt;
                                                                emailAttribute
                                                                        .name(&quot;email&quot;)
                                                                        .type(&quot;https://schema.openid.net/contact/email&quot;)
                                                                        .required(true)
                                                        )
                                                        .attribute((fullnameAttribute) -&gt;
                                                                fullnameAttribute
                                                                        .name(&quot;fullname&quot;)
                                                                        .type(&quot;https://axschema.org/namePerson&quot;)
                                                                        .required(true)
                                                        )
                                        )
                        );
        }
 }

 public class AutoProvisioningUserDetailsService implements
                AuthenticationUserDetailsService&lt;OpenIDAuthenticationToken&gt; {
        public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
                        throws UsernameNotFoundException {
                return new User(token.getName(), &quot;NOTUSED&quot;,
                                AuthorityUtils.createAuthorityList(&quot;ROLE_USER&quot;));
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>openidLoginCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid"><code>OpenIDLoginConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configurers/openid/OpenIDLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.openid"><code>OpenIDLoginConfigurer</code></a></dd>
</dl>
</li>
</ul>
<a id="headers()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>headers</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;headers()
                                        throws java.lang.Exception</pre>
<div class="block">Adds the Security headers to the response. This is activated by default when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>'s default constructor. Accepting the default
provided by <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a> or only invoking
<a href="HttpSecurity.html#headers()"><code>headers()</code></a> without invoking additional methods on it, is the equivalent of:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .headers()
                 .contentTypeOptions()
                 .and()
                 .xssProtection()
                 .and()
                 .cacheControl()
                 .and()
                 .httpStrictTransportSecurity()
                 .and()
                 .frameOptions()
                 .and()
             ...;
     }
 }
 </pre>
You can disable the headers using the following:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .headers().disable()
             ...;
     }
 }
 </pre>
You can enable only a few of the headers by first invoking
<a href="../configurers/HeadersConfigurer.html#defaultsDisabled()"><code>HeadersConfigurer.defaultsDisabled()</code></a> and then invoking the appropriate
methods on the <a href="HttpSecurity.html#headers()"><code>headers()</code></a> result. For example, the following will enable
<a href="../configurers/HeadersConfigurer.html#cacheControl()"><code>HeadersConfigurer.cacheControl()</code></a> and
<a href="../configurers/HeadersConfigurer.html#frameOptions()"><code>HeadersConfigurer.frameOptions()</code></a> only.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .headers()
                  .defaultsDisabled()
                  .cacheControl()
                  .and()
                  .frameOptions()
                  .and()
             ...;
     }
 }
 </pre>
You can also choose to keep the defaults but explicitly disable a subset of
headers. For example, the following will enable all the default headers except
<a href="../configurers/HeadersConfigurer.html#frameOptions()"><code>HeadersConfigurer.frameOptions()</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .headers()
                  .frameOptions()
                        .disable()
                  .and()
             ...;
     }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a></dd>
</dl>
</li>
</ul>
<a id="headers(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>headers</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;headers&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;headersCustomizer)
                     throws java.lang.Exception</pre>
<div class="block">Adds the Security headers to the response. This is activated by default when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>'s default constructor.
<h2>Example Configurations</h2>
Accepting the default provided by <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a> or only
invoking <a href="HttpSecurity.html#headers()"><code>headers()</code></a> without invoking additional methods on it, is the
equivalent of:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .headers((headers) -&gt;
                                headers
                                        .contentTypeOptions(withDefaults())
                                        .xssProtection(withDefaults())
                                        .cacheControl(withDefaults())
                                        .httpStrictTransportSecurity(withDefaults())
                                        .frameOptions(withDefaults()
                        );
        }
 }
 </pre>
You can disable the headers using the following:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .headers((headers) -&gt; headers.disable());
        }
 }
 </pre>
You can enable only a few of the headers by first invoking
<a href="../configurers/HeadersConfigurer.html#defaultsDisabled()"><code>HeadersConfigurer.defaultsDisabled()</code></a> and then invoking the appropriate
methods on the <a href="HttpSecurity.html#headers()"><code>headers()</code></a> result. For example, the following will enable
<a href="../configurers/HeadersConfigurer.html#cacheControl()"><code>HeadersConfigurer.cacheControl()</code></a> and
<a href="../configurers/HeadersConfigurer.html#frameOptions()"><code>HeadersConfigurer.frameOptions()</code></a> only.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .headers((headers) -&gt;
                                headers
                                        .defaultsDisabled()
                                        .cacheControl(withDefaults())
                                        .frameOptions(withDefaults())
                        );
        }
 }
 </pre>
You can also choose to keep the defaults but explicitly disable a subset of
headers. For example, the following will enable all the default headers except
<a href="../configurers/HeadersConfigurer.html#frameOptions()"><code>HeadersConfigurer.frameOptions()</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
  protected void configure(HttpSecurity http) throws Exception {
        http
                .headers((headers) -&gt;
                        headers
                                .frameOptions((frameOptions) -&gt; frameOptions.disable())
                );
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>headersCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="cors()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cors</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CorsConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;cors()
                                  throws java.lang.Exception</pre>
<div class="block">Adds a <code>CorsFilter</code> to be used. If a bean by the name of corsFilter is
provided, that <code>CorsFilter</code> is used. Else if corsConfigurationSource is
defined, then that <code>CorsConfiguration</code> is used. Otherwise, if Spring MVC is
on the classpath a <code>HandlerMappingIntrospector</code> is used.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>CorsConfigurer</code></a> for customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="cors(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cors</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;cors&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CorsConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;corsCustomizer)
                  throws java.lang.Exception</pre>
<div class="block">Adds a <code>CorsFilter</code> to be used. If a bean by the name of corsFilter is
provided, that <code>CorsFilter</code> is used. Else if corsConfigurationSource is
defined, then that <code>CorsConfiguration</code> is used. Otherwise, if Spring MVC is
on the classpath a <code>HandlerMappingIntrospector</code> is used. You can enable CORS
using:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CorsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .cors(withDefaults());
     }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>corsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/CorsConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>CorsConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="sessionManagement()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>sessionManagement</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SessionManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;sessionManagement()
                                                            throws java.lang.Exception</pre>
<div class="block">Allows configuring of Session Management.
<h2>Example Configuration</h2>
The following configuration demonstrates how to enforce that only a single instance
of a user is authenticated at a time. If a user authenticates with the username
"user" without logging out and an attempt to authenticate with "user" is made the
first session will be forcibly terminated and sent to the "/login?expired" URL.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class SessionManagementSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().anyRequest().hasRole(&quot;USER&quot;).and().formLogin()
                                .permitAll().and().sessionManagement().maximumSessions(1)
                                .expiredUrl(&quot;/login?expired&quot;);
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
When using <a href="../configurers/SessionManagementConfigurer.html#maximumSessions(int)"><code>SessionManagementConfigurer.maximumSessions(int)</code></a>, do not forget
to configure <a href="../../../../web/session/HttpSessionEventPublisher.html" title="class in org.springframework.security.web.session"><code>HttpSessionEventPublisher</code></a> for the application to ensure that
expired sessions are cleaned up.
In a web.xml this can be configured using the following:
<pre> &lt;listener&gt;
      &lt;listener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
 &lt;/listener&gt;
 </pre>
Alternatively,
<a href="../../../../web/context/AbstractSecurityWebApplicationInitializer.html#enableHttpSessionEventPublisher()"><code>AbstractSecurityWebApplicationInitializer.enableHttpSessionEventPublisher()</code></a>
could return true.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>SessionManagementConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="sessionManagement(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>sessionManagement</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;sessionManagement&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SessionManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;sessionManagementCustomizer)
                               throws java.lang.Exception</pre>
<div class="block">Allows configuring of Session Management.
<h2>Example Configuration</h2>
The following configuration demonstrates how to enforce that only a single instance
of a user is authenticated at a time. If a user authenticates with the username
"user" without logging out and an attempt to authenticate with "user" is made the
first session will be forcibly terminated and sent to the "/login?expired" URL.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class SessionManagementSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .anyRequest().hasRole(&quot;USER&quot;)
                        )
                        .formLogin((formLogin) -&gt;
                                formLogin
                                        .permitAll()
                        )
                        .sessionManagement((sessionManagement) -&gt;
                                sessionManagement
                                        .sessionConcurrency((sessionConcurrency) -&gt;
                                                sessionConcurrency
                                                        .maximumSessions(1)
                                                        .expiredUrl(&quot;/login?expired&quot;)
                                        )
                        );
        }
 }
 </pre>
When using <a href="../configurers/SessionManagementConfigurer.html#maximumSessions(int)"><code>SessionManagementConfigurer.maximumSessions(int)</code></a>, do not forget
to configure <a href="../../../../web/session/HttpSessionEventPublisher.html" title="class in org.springframework.security.web.session"><code>HttpSessionEventPublisher</code></a> for the application to ensure that
expired sessions are cleaned up.
In a web.xml this can be configured using the following:
<pre> &lt;listener&gt;
      &lt;listener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
 &lt;/listener&gt;
 </pre>
Alternatively,
<a href="../../../../web/context/AbstractSecurityWebApplicationInitializer.html#enableHttpSessionEventPublisher()"><code>AbstractSecurityWebApplicationInitializer.enableHttpSessionEventPublisher()</code></a>
could return true.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>sessionManagementCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="../configurers/SessionManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>SessionManagementConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="portMapper()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>portMapper</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PortMapperConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;portMapper()
                                              throws java.lang.Exception</pre>
<div class="block">Allows configuring a <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> that is available from
<a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObject(java.lang.Class)"><code>AbstractConfiguredSecurityBuilder.getSharedObject(Class)</code></a>. Other provided
<a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation"><code>SecurityConfigurer</code></a> objects use this configured <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> as a
default <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> when redirecting from HTTP to HTTPS or from HTTPS to
HTTP (for example when used in combination with <a href="HttpSecurity.html#requiresChannel()"><code>requiresChannel()</code></a>. By
default Spring Security uses a <a href="../../../../web/PortMapperImpl.html" title="class in org.springframework.security.web"><code>PortMapperImpl</code></a> which maps the HTTP port 8080
to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
<h2>Example Configuration</h2>
The following configuration will ensure that redirects within Spring Security from
HTTP of a port of 9090 will redirect to HTTPS port of 9443 and the HTTP port of 80
to the HTTPS port of 443.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class PortMapperSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin()
                                .permitAll().and()
                                // Example portMapper() configuration
                                .portMapper().http(9090).mapsTo(9443).http(80).mapsTo(443);
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>PortMapperConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requiresChannel()"><code>requiresChannel()</code></a></dd>
</dl>
</li>
</ul>
<a id="portMapper(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>portMapper</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;portMapper&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PortMapperConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;portMapperCustomizer)
                        throws java.lang.Exception</pre>
<div class="block">Allows configuring a <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> that is available from
<a href="../../AbstractConfiguredSecurityBuilder.html#getSharedObject(java.lang.Class)"><code>AbstractConfiguredSecurityBuilder.getSharedObject(Class)</code></a>. Other provided
<a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation"><code>SecurityConfigurer</code></a> objects use this configured <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> as a
default <a href="../../../../web/PortMapper.html" title="interface in org.springframework.security.web"><code>PortMapper</code></a> when redirecting from HTTP to HTTPS or from HTTPS to
HTTP (for example when used in combination with <a href="HttpSecurity.html#requiresChannel()"><code>requiresChannel()</code></a>. By
default Spring Security uses a <a href="../../../../web/PortMapperImpl.html" title="class in org.springframework.security.web"><code>PortMapperImpl</code></a> which maps the HTTP port 8080
to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
<h2>Example Configuration</h2>
The following configuration will ensure that redirects within Spring Security from
HTTP of a port of 9090 will redirect to HTTPS port of 9443 and the HTTP port of 80
to the HTTPS port of 443.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class PortMapperSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requiresChannel((requiresChannel) -&gt;
                                requiresChannel
                                        .anyRequest().requiresSecure()
                        )
                        .portMapper((portMapper) -&gt;
                                portMapper
                                        .http(9090).mapsTo(9443)
                                        .http(80).mapsTo(443)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>portMapperCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/PortMapperConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>PortMapperConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requiresChannel()"><code>requiresChannel()</code></a></dd>
</dl>
</li>
</ul>
<a id="jee()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>jee</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">JeeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;jee()
                                throws java.lang.Exception</pre>
<div class="block">Configures container based pre authentication. In this case, authentication is
managed by the Servlet Container.
<h2>Example Configuration</h2>
The following configuration will use the principal found on the
<code>HttpServletRequest</code> and if the user is in the role "ROLE_USER" or
"ROLE_ADMIN" will add that to the resulting <a href="../../../../core/Authentication.html" title="interface in org.springframework.security.core"><code>Authentication</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class JeeSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
                // Example jee() configuration
                                .jee().mappableRoles(&quot;USER&quot;, &quot;ADMIN&quot;);
        }
 }
 </pre>
Developers wishing to use pre authentication with the container will need to ensure
their web.xml configures the security constraints. For example, the web.xml (there
is no equivalent Java based configuration supported by the Servlet specification)
might look like:
<pre> &lt;login-config&gt;
     &lt;auth-method&gt;FORM&lt;/auth-method&gt;
     &lt;form-login-config&gt;
         &lt;form-login-page&gt;/login&lt;/form-login-page&gt;
         &lt;form-error-page&gt;/login?error&lt;/form-error-page&gt;
     &lt;/form-login-config&gt;
 &lt;/login-config&gt;

 &lt;security-role&gt;
     &lt;role-name&gt;ROLE_USER&lt;/role-name&gt;
 &lt;/security-role&gt;
 &lt;security-constraint&gt;
     &lt;web-resource-collection&gt;
     &lt;web-resource-name&gt;Public&lt;/web-resource-name&gt;
         &lt;description&gt;Matches unconstrained pages&lt;/description&gt;
         &lt;url-pattern&gt;/login&lt;/url-pattern&gt;
         &lt;url-pattern&gt;/logout&lt;/url-pattern&gt;
         &lt;url-pattern&gt;/resources/*&lt;/url-pattern&gt;
     &lt;/web-resource-collection&gt;
 &lt;/security-constraint&gt;
 &lt;security-constraint&gt;
     &lt;web-resource-collection&gt;
         &lt;web-resource-name&gt;Secured Areas&lt;/web-resource-name&gt;
         &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
     &lt;/web-resource-collection&gt;
     &lt;auth-constraint&gt;
         &lt;role-name&gt;ROLE_USER&lt;/role-name&gt;
     &lt;/auth-constraint&gt;
 &lt;/security-constraint&gt;
 </pre>
Last you will need to configure your container to contain the user with the correct
roles. This configuration is specific to the Servlet Container, so consult your
Servlet Container's documentation.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>JeeConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="jee(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>jee</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;jee&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">JeeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;jeeCustomizer)
                 throws java.lang.Exception</pre>
<div class="block">Configures container based pre authentication. In this case, authentication is
managed by the Servlet Container.
<h2>Example Configuration</h2>
The following configuration will use the principal found on the
<code>HttpServletRequest</code> and if the user is in the role "ROLE_USER" or
"ROLE_ADMIN" will add that to the resulting <a href="../../../../core/Authentication.html" title="interface in org.springframework.security.core"><code>Authentication</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class JeeSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .jee((jee) -&gt;
                                jee
                                        .mappableRoles(&quot;USER&quot;, &quot;ADMIN&quot;)
                        );
        }
 }
 </pre>
Developers wishing to use pre authentication with the container will need to ensure
their web.xml configures the security constraints. For example, the web.xml (there
is no equivalent Java based configuration supported by the Servlet specification)
might look like:
<pre> &lt;login-config&gt;
     &lt;auth-method&gt;FORM&lt;/auth-method&gt;
     &lt;form-login-config&gt;
         &lt;form-login-page&gt;/login&lt;/form-login-page&gt;
         &lt;form-error-page&gt;/login?error&lt;/form-error-page&gt;
     &lt;/form-login-config&gt;
 &lt;/login-config&gt;

 &lt;security-role&gt;
     &lt;role-name&gt;ROLE_USER&lt;/role-name&gt;
 &lt;/security-role&gt;
 &lt;security-constraint&gt;
     &lt;web-resource-collection&gt;
     &lt;web-resource-name&gt;Public&lt;/web-resource-name&gt;
         &lt;description&gt;Matches unconstrained pages&lt;/description&gt;
         &lt;url-pattern&gt;/login&lt;/url-pattern&gt;
         &lt;url-pattern&gt;/logout&lt;/url-pattern&gt;
         &lt;url-pattern&gt;/resources/*&lt;/url-pattern&gt;
     &lt;/web-resource-collection&gt;
 &lt;/security-constraint&gt;
 &lt;security-constraint&gt;
     &lt;web-resource-collection&gt;
         &lt;web-resource-name&gt;Secured Areas&lt;/web-resource-name&gt;
         &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
     &lt;/web-resource-collection&gt;
     &lt;auth-constraint&gt;
         &lt;role-name&gt;ROLE_USER&lt;/role-name&gt;
     &lt;/auth-constraint&gt;
 &lt;/security-constraint&gt;
 </pre>
Last you will need to configure your container to contain the user with the correct
roles. This configuration is specific to the Servlet Container, so consult your
Servlet Container's documentation.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>jeeCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/JeeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>JeeConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="x509()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>x509</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers">X509Configurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;x509()
                                  throws java.lang.Exception</pre>
<div class="block">Configures X509 based pre authentication.
<h2>Example Configuration</h2>
The following configuration will attempt to extract the username from the X509
certificate. Remember that the Servlet Container will need to be configured to
request client certificates in order for this to work.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class X509SecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
                // Example x509() configuration
                                .x509();
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>X509Configurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="x509(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>x509</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;x509&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers">X509Configurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;x509Customizer)
                  throws java.lang.Exception</pre>
<div class="block">Configures X509 based pre authentication.
<h2>Example Configuration</h2>
The following configuration will attempt to extract the username from the X509
certificate. Remember that the Servlet Container will need to be configured to
request client certificates in order for this to work.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class X509SecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .x509(withDefaults());
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>x509Customizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/X509Configurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>X509Configurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="rememberMe()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>rememberMe</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RememberMeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;rememberMe()
                                              throws java.lang.Exception</pre>
<div class="block">Allows configuring of Remember Me authentication.
<h2>Example Configuration</h2>
The following configuration demonstrates how to allow token based remember me
authentication. Upon authenticating if the HTTP parameter named "remember-me"
exists, then the user will be remembered even after their
<code>HttpSession</code> expires.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin()
                                .permitAll().and()
                                // Example Remember Me Configuration
                                .rememberMe();
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>RememberMeConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="rememberMe(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>rememberMe</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;rememberMe&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RememberMeConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;rememberMeCustomizer)
                        throws java.lang.Exception</pre>
<div class="block">Allows configuring of Remember Me authentication.
<h2>Example Configuration</h2>
The following configuration demonstrates how to allow token based remember me
authentication. Upon authenticating if the HTTP parameter named "remember-me"
exists, then the user will be remembered even after their
<code>HttpSession</code> expires.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults())
                        .rememberMe(withDefaults());
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>rememberMeCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/RememberMeConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>RememberMeConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="authorizeRequests()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeRequests</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry</a>&nbsp;authorizeRequests()
                                                                                      throws java.lang.Exception</pre>
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e. via URL patterns).
<h2>Example Configurations</h2>
The most basic example is to configure all URLs to require the role "ROLE_USER".
The configuration below requires authentication to every URL and will grant access
to both the user "admin" and "user".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;)
                                .and().withUser(&quot;admin&quot;).password(&quot;password&quot;).roles(&quot;ADMIN&quot;, &quot;USER&quot;);
        }
 }
 </pre>
We can also configure multiple URLs. The configuration below requires
authentication to every URL and will grant access to URLs starting with /admin/ to
only the "admin" user. All other URLs either user can access.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;)
                                .and().withUser(&quot;admin&quot;).password(&quot;password&quot;).roles(&quot;ADMIN&quot;, &quot;USER&quot;);
        }
 }
 </pre>
Note that the matchers are considered in order. Therefore, the following is invalid
because the first matcher matches every request and will never get to the second
mapping:
<pre> http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).antMatchers(&quot;/admin/**&quot;)
                .hasRole(&quot;ADMIN&quot;)
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/ExpressionUrlAuthorizationConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ExpressionUrlAuthorizationConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a></dd>
</dl>
</li>
</ul>
<a id="authorizeRequests(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeRequests</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;authorizeRequests&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry</a>&gt;&nbsp;authorizeRequestsCustomizer)
                               throws java.lang.Exception</pre>
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e. via URL patterns).
<h2>Example Configurations</h2>
The most basic example is to configure all URLs to require the role "ROLE_USER".
The configuration below requires authentication to every URL and will grant access
to both the user "admin" and "user".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults());
        }
 }
 </pre>
We can also configure multiple URLs. The configuration below requires
authentication to every URL and will grant access to URLs starting with /admin/ to
only the "admin" user. All other URLs either user can access.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults());
        }
 }
 </pre>
Note that the matchers are considered in order. Therefore, the following is invalid
because the first matcher matches every request and will never get to the second
mapping:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                 http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                        .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authorizeRequestsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="../configurers/ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a></dd>
</dl>
</li>
</ul>
<a id="authorizeHttpRequests()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeHttpRequests</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry</a>&nbsp;authorizeHttpRequests()
                                                                                                 throws java.lang.Exception</pre>
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e. via URL patterns).
<h2>Example Configurations</h2>
The most basic example is to configure all URLs to require the role "ROLE_USER".
The configuration below requires authentication to every URL and will grant access
to both the user "admin" and "user".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .formLogin();
        }
 }
 </pre>
We can also configure multiple URLs. The configuration below requires
authentication to every URL and will grant access to URLs starting with /admin/ to
only the "admin" user. All other URLs either user can access.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests()
                                .antMatchers(&quot;/admin&quot;).hasRole(&quot;ADMIN&quot;)
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .formLogin();
        }
 }
 </pre>
Note that the matchers are considered in order. Therefore, the following is invalid
because the first matcher matches every request and will never get to the second
mapping:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                                .and()
                        .formLogin();
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a></dd>
</dl>
</li>
</ul>
<a id="authorizeHttpRequests(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeHttpRequests</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;authorizeHttpRequests&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry</a>&gt;&nbsp;authorizeHttpRequestsCustomizer)
                                   throws java.lang.Exception</pre>
<div class="block">Allows restricting access based upon the <code>HttpServletRequest</code> using
<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> implementations (i.e. via URL patterns).
<h2>Example Configurations</h2>
The most basic example is to configure all URLs to require the role "ROLE_USER".
The configuration below requires authentication to every URL and will grant access
to both the user "admin" and "user".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorizeHttpRequests) -&gt;
                                authorizeHttpRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults());
        }
 }
 </pre>
We can also configure multiple URLs. The configuration below requires
authentication to every URL and will grant access to URLs starting with /admin/ to
only the "admin" user. All other URLs either user can access.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorizeHttpRequests) -&gt;
                                authorizeHttpRequests
                                        .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults());
        }
 }
 </pre>
Note that the matchers are considered in order. Therefore, the following is invalid
because the first matcher matches every request and will never get to the second
mapping:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorizeHttpRequests) -&gt;
                                authorizeHttpRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                        .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authorizeHttpRequestsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more
options for the <a href="../configurers/AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.5</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a></dd>
</dl>
</li>
</ul>
<a id="requestCache()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestCache</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RequestCacheConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;requestCache()
                                                  throws java.lang.Exception</pre>
<div class="block">Allows configuring the Request Cache. For example, a protected page (/protected)
may be requested prior to authentication. The application will redirect the user to
a login page. After authentication, Spring Security will redirect the user to the
originally requested protected page (/protected). This is automatically applied
when using <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>RequestCacheConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="requestCache(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestCache</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;requestCache&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">RequestCacheConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;requestCacheCustomizer)
                          throws java.lang.Exception</pre>
<div class="block">Allows configuring the Request Cache. For example, a protected page (/protected)
may be requested prior to authentication. The application will redirect the user to
a login page. After authentication, Spring Security will redirect the user to the
originally requested protected page (/protected). This is automatically applied
when using <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.
<h2>Example Custom Configuration</h2>
The following example demonstrates how to disable request caching.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestCacheDisabledSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .requestCache((requestCache) -&gt;
                                requestCache.disable()
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>requestCacheCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="../configurers/RequestCacheConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>RequestCacheConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="exceptionHandling()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>exceptionHandling</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ExceptionHandlingConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;exceptionHandling()
                                                            throws java.lang.Exception</pre>
<div class="block">Allows configuring exception handling. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ExceptionHandlingConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="exceptionHandling(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>exceptionHandling</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;exceptionHandling&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ExceptionHandlingConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;exceptionHandlingCustomizer)
                               throws java.lang.Exception</pre>
<div class="block">Allows configuring exception handling. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.
<h2>Example Custom Configuration</h2>
The following customization will ensure that users who are denied access are
forwarded to the page "/errors/access-denied".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class ExceptionHandlingSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        // sample exception handling customization
                        .exceptionHandling((exceptionHandling) -&gt;
                                exceptionHandling
                                        .accessDeniedPage(&quot;/errors/access-denied&quot;)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>exceptionHandlingCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="../configurers/ExceptionHandlingConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ExceptionHandlingConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="securityContext()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>securityContext</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SecurityContextConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;securityContext()
                                                        throws java.lang.Exception</pre>
<div class="block">Sets up management of the <a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a> on the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a> between <code>HttpServletRequest</code>'s. This is
automatically applied when using <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>SecurityContextConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="securityContext(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>securityContext</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;securityContext&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">SecurityContextConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;securityContextCustomizer)
                             throws java.lang.Exception</pre>
<div class="block">Sets up management of the <a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a> on the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a> between <code>HttpServletRequest</code>'s. This is
automatically applied when using <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.
The following customization specifies the shared <a href="../../../../web/context/SecurityContextRepository.html" title="interface in org.springframework.security.web.context"><code>SecurityContextRepository</code></a>
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class SecurityContextSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .securityContext((securityContext) -&gt;
                                securityContext
                                        .securityContextRepository(SCR)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>securityContextCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="../configurers/SecurityContextConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>SecurityContextConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="servletApi()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>servletApi</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ServletApiConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;servletApi()
                                              throws java.lang.Exception</pre>
<div class="block">Integrates the <code>HttpServletRequest</code> methods with the values found on the
<a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a>. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ServletApiConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="servletApi(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>servletApi</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;servletApi&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">ServletApiConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;servletApiCustomizer)
                        throws java.lang.Exception</pre>
<div class="block">Integrates the <code>HttpServletRequest</code> methods with the values found on the
<a href="../../../../core/context/SecurityContext.html" title="interface in org.springframework.security.core.context"><code>SecurityContext</code></a>. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>. You can disable it using:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class ServletApiSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .servletApi((servletApi) -&gt;
                                servletApi.disable()
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>servletApiCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/ServletApiConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ServletApiConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="csrf()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>csrf</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CsrfConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;csrf()
                                  throws java.lang.Exception</pre>
<div class="block">Enables CSRF protection. This is activated by default when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>'s default constructor. You can disable it
using:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .csrf().disable()
             ...;
     }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>CsrfConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="csrf(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>csrf</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;csrf&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">CsrfConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;csrfCustomizer)
                  throws java.lang.Exception</pre>
<div class="block">Enables CSRF protection. This is activated by default when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>'s default constructor. You can disable it
using:
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
     protected void configure(HttpSecurity http) throws Exception {
         http
             .csrf((csrf) -&gt; csrf.disable());
     }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>csrfCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/CsrfConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>CsrfConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="logout()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>logout</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;logout()
                                      throws java.lang.Exception</pre>
<div class="block">Provides logout support. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>. The default is that accessing the URL
"/logout" will log the user out by invalidating the HTTP Session, cleaning up any
<a href="HttpSecurity.html#rememberMe()"><code>rememberMe()</code></a> authentication that was configured, clearing the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a>, and then redirect to "/login?success".
<h2>Example Custom Configuration</h2>
The following customization to log out when the URL "/custom-logout" is invoked.
Log out will remove the cookie named "remove", not invalidate the HttpSession,
clear the SecurityContextHolder, and upon completion redirect to "/logout-success".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin()
                                .and()
                                // sample logout customization
                                .logout().deleteCookies(&quot;remove&quot;).invalidateHttpSession(false)
                                .logoutUrl(&quot;/custom-logout&quot;).logoutSuccessUrl(&quot;/logout-success&quot;);
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>LogoutConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="logout(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>logout</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;logout&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;logoutCustomizer)
                    throws java.lang.Exception</pre>
<div class="block">Provides logout support. This is automatically applied when using
<a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>. The default is that accessing the URL
"/logout" will log the user out by invalidating the HTTP Session, cleaning up any
<a href="HttpSecurity.html#rememberMe()"><code>rememberMe()</code></a> authentication that was configured, clearing the
<a href="../../../../core/context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a>, and then redirect to "/login?success".
<h2>Example Custom Configuration</h2>
The following customization to log out when the URL "/custom-logout" is invoked.
Log out will remove the cookie named "remove", not invalidate the HttpSession,
clear the SecurityContextHolder, and upon completion redirect to "/logout-success".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults())
                        // sample logout customization
                        .logout((logout) -&gt;
                                logout.deleteCookies(&quot;remove&quot;)
                                        .invalidateHttpSession(false)
                                        .logoutUrl(&quot;/custom-logout&quot;)
                                        .logoutSuccessUrl(&quot;/logout-success&quot;)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>logoutCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>LogoutConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="anonymous()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>anonymous</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AnonymousConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;anonymous()
                                            throws java.lang.Exception</pre>
<div class="block">Allows configuring how an anonymous user is represented. This is automatically
applied when used in conjunction with <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>. By
default anonymous users will be represented with an
<a href="../../../../authentication/AnonymousAuthenticationToken.html" title="class in org.springframework.security.authentication"><code>AnonymousAuthenticationToken</code></a>
and contain the role "ROLE_ANONYMOUS".
<h2>Example Configuration</h2>
The following configuration demonstrates how to specify that anonymous users should
contain the role "ROLE_ANON" instead.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .formLogin()
                                .and()
                        // sample anonymous customization
                        .anonymous().authorities(&quot;ROLE_ANON&quot;);
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
The following demonstrates how to represent anonymous users as null. Note that this
can cause <code>NullPointerException</code> in code that assumes anonymous
authentication is enabled.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .formLogin()
                                .and()
                        // sample anonymous customization
                        .anonymous().disable();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>AnonymousConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="anonymous(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>anonymous</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;anonymous&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AnonymousConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;anonymousCustomizer)
                       throws java.lang.Exception</pre>
<div class="block">Allows configuring how an anonymous user is represented. This is automatically
applied when used in conjunction with <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>. By
default anonymous users will be represented with an
<a href="../../../../authentication/AnonymousAuthenticationToken.html" title="class in org.springframework.security.authentication"><code>AnonymousAuthenticationToken</code></a>
and contain the role "ROLE_ANONYMOUS".
<h2>Example Configuration</h2>
The following configuration demonstrates how to specify that anonymous users should
contain the role "ROLE_ANON" instead.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults())
                        // sample anonymous customization
                        .anonymous((anonymous) -&gt;
                                anonymous
                                        .authorities(&quot;ROLE_ANON&quot;)
                        )
        }
 }
 </pre>
The following demonstrates how to represent anonymous users as null. Note that this
can cause <code>NullPointerException</code> in code that assumes anonymous
authentication is enabled.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults())
                        // sample anonymous customization
                        .anonymous((anonymous) -&gt;
                                anonymous.disable()
                        );
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>anonymousCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/AnonymousConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>AnonymousConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="formLogin()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>formLogin</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">FormLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;formLogin()
                                            throws java.lang.Exception</pre>
<div class="block">Specifies to support form based authentication. If
<a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a> is not specified a default login page
will be generated.
<h2>Example Configurations</h2>
The most basic configuration defaults to automatically generating a login page at
the URL "/login", redirecting to "/login?error" for authentication failure. The
details of the login page can be found on
<a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a>
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
The configuration below demonstrates customizing the defaults.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin()
                                .usernameParameter(&quot;username&quot;) // default is username
                                .passwordParameter(&quot;password&quot;) // default is password
                                .loginPage(&quot;/authentication/login&quot;) // default is /login with an HTTP get
                                .failureUrl(&quot;/authentication/login?failed&quot;) // default is /login?error
                                .loginProcessingUrl(&quot;/authentication/login/process&quot;); // default is /login
                                                                                                                                                // with an HTTP
                                                                                                                                                // post
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>FormLoginConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a></dd>
</dl>
</li>
</ul>
<a id="formLogin(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>formLogin</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;formLogin&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">FormLoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;formLoginCustomizer)
                       throws java.lang.Exception</pre>
<div class="block">Specifies to support form based authentication. If
<a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a> is not specified a default login page
will be generated.
<h2>Example Configurations</h2>
The most basic configuration defaults to automatically generating a login page at
the URL "/login", redirecting to "/login?error" for authentication failure. The
details of the login page can be found on
<a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a>
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults());
        }
 }
 </pre>
The configuration below demonstrates customizing the defaults.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin((formLogin) -&gt;
                                formLogin
                                        .usernameParameter(&quot;username&quot;)
                                        .passwordParameter(&quot;password&quot;)
                                        .loginPage(&quot;/authentication/login&quot;)
                                        .failureUrl(&quot;/authentication/login?failed&quot;)
                                        .loginProcessingUrl(&quot;/authentication/login/process&quot;)
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>formLoginCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/FormLoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>FormLoginConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../configurers/FormLoginConfigurer.html#loginPage(java.lang.String)"><code>FormLoginConfigurer.loginPage(String)</code></a></dd>
</dl>
</li>
</ul>
<a id="saml2Login()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>saml2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;saml2Login()
                                              throws java.lang.Exception</pre>
<div class="block">Configures authentication support using an SAML 2.0 Service Provider. <br>
<br>
The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO
Profile, using POST and REDIRECT bindings</b>, as documented in the
<a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
Core,Profiles and Bindings</a> specifications. <br>
<br>
As a prerequisite to using this feature, is that you have a SAML v2.0 Identity
Provider to provide an assertion. The representation of the Service Provider, the
relying party, and the remote Identity Provider, the asserting party is contained
within <a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>. <br>
<br>
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>(s) are composed within a
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistrationRepository.html" title="interface in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistrationRepository</code></a>, which is <b>required</b> and must be
registered with the <code>ApplicationContext</code> or configured via
<code>saml2Login().relyingPartyRegistrationRepository(..)</code>. <br>
<br>
The default configuration provides an auto-generated login page at
<code>&quot;/login&quot;</code> and redirects to
<code>&quot;/login?error&quot;</code> when an authentication error occurs. The
login page will display each of the identity providers with a link that is capable
of initiating the &quot;authentication flow&quot;. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using SimpleSamlPhp
as the Authentication Provider.
<pre> &#064;Configuration
 public class Saml2LoginConfig {

        &#064;EnableWebSecurity
        public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
                &#064;Override
                protected void configure(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests()
                                        .anyRequest().authenticated()
                                        .and()
                                  .saml2Login();
                }
        }

        &#064;Bean
        public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
                return new InMemoryRelyingPartyRegistrationRepository(this.getSaml2RelyingPartyRegistration());
        }

        private RelyingPartyRegistration getSaml2RelyingPartyRegistration() {
                //remote IDP entity ID
                String idpEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
                //remote WebSSO Endpoint - Where to Send AuthNRequests to
                String webSsoEndpoint = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
                //local registration ID
                String registrationId = "simplesamlphp";
                //local entity ID - autogenerated based on URL
                String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
                //local signing (and decryption key)
                Saml2X509Credential signingCredential = getSigningCredential();
                //IDP certificate for verification of incoming messages
                Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
                return RelyingPartyRegistration.withRegistrationId(registrationId)
  *                             .remoteIdpEntityId(idpEntityId)
  *                             .idpWebSsoUrl(webSsoEndpoint)
  *                             .credential(signingCredential)
  *                             .credential(idpVerificationCertificate)
  *                             .localEntityIdTemplate(localEntityIdTemplate)
  *                             .build();
        }
 }
 </pre>
<p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2"><code>Saml2LoginConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2</dd>
</dl>
</li>
</ul>
<a id="saml2Login(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>saml2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;saml2Login&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;saml2LoginCustomizer)
                        throws java.lang.Exception</pre>
<div class="block">Configures authentication support using an SAML 2.0 Service Provider. <br>
<br>
The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO
Profile, using POST and REDIRECT bindings</b>, as documented in the
<a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
Core,Profiles and Bindings</a> specifications. <br>
<br>
As a prerequisite to using this feature, is that you have a SAML v2.0 Identity
Provider to provide an assertion. The representation of the Service Provider, the
relying party, and the remote Identity Provider, the asserting party is contained
within <a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>. <br>
<br>
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>(s) are composed within a
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistrationRepository.html" title="interface in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistrationRepository</code></a>, which is <b>required</b> and must be
registered with the <code>ApplicationContext</code> or configured via
<code>saml2Login().relyingPartyRegistrationRepository(..)</code>. <br>
<br>
The default configuration provides an auto-generated login page at
<code>&quot;/login&quot;</code> and redirects to
<code>&quot;/login?error&quot;</code> when an authentication error occurs. The
login page will display each of the identity providers with a link that is capable
of initiating the &quot;authentication flow&quot;. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using SimpleSamlPhp
as the Authentication Provider.
<pre> &#064;Configuration
 public class Saml2LoginConfig {

        &#064;EnableWebSecurity
        public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
                &#064;Override
                protected void configure(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests()
                                        .anyRequest().authenticated()
                                        .and()
                                  .saml2Login(withDefaults());
                }
        }

        &#064;Bean
        public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
                return new InMemoryRelyingPartyRegistrationRepository(this.getSaml2RelyingPartyRegistration());
        }

        private RelyingPartyRegistration getSaml2RelyingPartyRegistration() {
                //remote IDP entity ID
                String idpEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
                //remote WebSSO Endpoint - Where to Send AuthNRequests to
                String webSsoEndpoint = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
                //local registration ID
                String registrationId = "simplesamlphp";
                //local entity ID - autogenerated based on URL
                String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
                //local signing (and decryption key)
                Saml2X509Credential signingCredential = getSigningCredential();
                //IDP certificate for verification of incoming messages
                Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
                return RelyingPartyRegistration.withRegistrationId(registrationId)
  *                             .remoteIdpEntityId(idpEntityId)
  *                             .idpWebSsoUrl(webSsoEndpoint)
  *                             .credential(signingCredential)
  *                             .credential(idpVerificationCertificate)
  *                             .localEntityIdTemplate(localEntityIdTemplate)
  *                             .build();
        }
 }
 </pre>
<p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>saml2LoginCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2"><code>Saml2LoginConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2</dd>
</dl>
</li>
</ul>
<a id="saml2Logout(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>saml2Logout</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;saml2Logout&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/saml2/Saml2LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;saml2LogoutCustomizer)
                         throws java.lang.Exception</pre>
<div class="block">Configures logout support for an SAML 2.0 Relying Party. <br>
<br>
Implements the <b>Single Logout Profile, using POST and REDIRECT bindings</b>, as
documented in the
<a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
Core, Profiles and Bindings</a> specifications. <br>
<br>
As a prerequisite to using this feature, is that you have a SAML v2.0 Asserting
Party to sent a logout request to. The representation of the relying party and the
asserting party is contained within <a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>. <br>
<br>
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>(s) are composed within a
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistrationRepository.html" title="interface in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistrationRepository</code></a>, which is <b>required</b> and must be
registered with the <code>ApplicationContext</code> or configured via
<a href="HttpSecurity.html#saml2Login(org.springframework.security.config.Customizer)"><code>saml2Login(Customizer)</code></a>.<br>
<br>
The default configuration provides an auto-generated logout endpoint at
<code>&quot;/logout&quot;</code> and redirects to <code>/login?logout</code> when
logout completes. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using a
hypothetical asserting party.
<pre>        &#064;EnableWebSecurity
        &#064;Configuration
        public class Saml2LogoutSecurityConfig {
                &#064;Bean
                public SecurityFilterChain web(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests((authorize) -&gt; authorize
                                        .anyRequest().authenticated()
                                )
                                .saml2Login(withDefaults())
                                .saml2Logout(withDefaults());
                        return http.build();
                }

                &#064;Bean
                public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
                        RelyingPartyRegistration registration = RelyingPartyRegistrations
                                        .withMetadataLocation("https://ap.example.org/metadata")
                                        .registrationId("simple")
                                        .build();
                        return new InMemoryRelyingPartyRegistrationRepository(registration);
                }
        }
 </pre>
<p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="saml2Logout()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>saml2Logout</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/saml2/Saml2LogoutConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2">Saml2LogoutConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;saml2Logout()
                                                throws java.lang.Exception</pre>
<div class="block">Configures logout support for an SAML 2.0 Relying Party. <br>
<br>
Implements the <b>Single Logout Profile, using POST and REDIRECT bindings</b>, as
documented in the
<a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
Core, Profiles and Bindings</a> specifications. <br>
<br>
As a prerequisite to using this feature, is that you have a SAML v2.0 Asserting
Party to sent a logout request to. The representation of the relying party and the
asserting party is contained within <a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>. <br>
<br>
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistration.html" title="class in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistration</code></a>(s) are composed within a
<a href="../../../../saml2/provider/service/registration/RelyingPartyRegistrationRepository.html" title="interface in org.springframework.security.saml2.provider.service.registration"><code>RelyingPartyRegistrationRepository</code></a>, which is <b>required</b> and must be
registered with the <code>ApplicationContext</code> or configured via
<a href="HttpSecurity.html#saml2Login()"><code>saml2Login()</code></a>.<br>
<br>
The default configuration provides an auto-generated logout endpoint at
<code>&quot;/logout&quot;</code> and redirects to <code>/login?logout</code> when
logout completes. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using a
hypothetical asserting party.
<pre>        &#064;EnableWebSecurity
        &#064;Configuration
        public class Saml2LogoutSecurityConfig {
                &#064;Bean
                public SecurityFilterChain web(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests()
                                        .anyRequest().authenticated()
                                        .and()
                                .saml2Login()
                                        .and()
                                .saml2Logout();
                        return http.build();
                }

                &#064;Bean
                public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
                        RelyingPartyRegistration registration = RelyingPartyRegistrations
                                        .withMetadataLocation("https://ap.example.org/metadata")
                                        .registrationId("simple")
                                        .build();
                        return new InMemoryRelyingPartyRegistrationRepository(registration);
                }
        }
 </pre>
<p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/saml2/Saml2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.saml2"><code>Saml2LoginConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="oauth2Login()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;oauth2Login()
                                                throws java.lang.Exception</pre>
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider. <br>
<br>
The &quot;authentication flow&quot; is implemented using the <b>Authorization Code
Grant</b>, as specified in the
<a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0
Authorization Framework</a> and <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect
Core 1.0</a> specification. <br>
<br>
As a prerequisite to using this feature, you must register a client with a
provider. The client registration information may than be used for configuring a
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>
using a
<a href="../../../../oauth2/client/registration/ClientRegistration.Builder.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration.Builder</code></a>.
<br>
<br>
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>(s)
are composed within a
<a href="../../../../oauth2/client/registration/ClientRegistrationRepository.html" title="interface in org.springframework.security.oauth2.client.registration"><code>ClientRegistrationRepository</code></a>,
which is <b>required</b> and must be registered with the <code>ApplicationContext</code>
or configured via <code>oauth2Login().clientRegistrationRepository(..)</code>. <br>
<br>
The default configuration provides an auto-generated login page at
<code>&quot;/login&quot;</code> and redirects to
<code>&quot;/login?error&quot;</code> when an authentication error occurs. The
login page will display each of the clients with a link that is capable of
initiating the &quot;authentication flow&quot;. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using Google as the
Authentication Provider.
<pre> &#064;Configuration
 public class OAuth2LoginConfig {

        &#064;EnableWebSecurity
        public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
                &#064;Override
                protected void configure(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests()
                                        .anyRequest().authenticated()
                                        .and()
                                  .oauth2Login();
                }
        }

        &#064;Bean
        public ClientRegistrationRepository clientRegistrationRepository() {
                return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
        }

        private ClientRegistration googleClientRegistration() {
                return ClientRegistration.withRegistrationId("google")
                        .clientId("google-client-id")
                        .clientSecret("google-client-secret")
                        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                        .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                        .scope("openid", "profile", "email", "address", "phone")
                        .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                        .tokenUri("https://www.googleapis.com/oauth2/v4/token")
                        .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
                        .userNameAttributeName(IdTokenClaimNames.SUB)
                        .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
                        .clientName("Google")
                        .build();
        }
 }
 </pre>
<p>
For more advanced configuration, see <a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2LoginConfigurer</code></a> for available
options to customize the defaults.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2LoginConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.0</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
Grant</a>,
<a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1
Authorization Code Flow</a>,
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>,
<a href="../../../../oauth2/client/registration/ClientRegistrationRepository.html" title="interface in org.springframework.security.oauth2.client.registration"><code>ClientRegistrationRepository</code></a></dd>
</dl>
</li>
</ul>
<a id="oauth2Login(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;oauth2Login&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2LoginConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2LoginCustomizer)
                         throws java.lang.Exception</pre>
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider. <br>
<br>
The &quot;authentication flow&quot; is implemented using the <b>Authorization Code
Grant</b>, as specified in the
<a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0
Authorization Framework</a> and <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect
Core 1.0</a> specification. <br>
<br>
As a prerequisite to using this feature, you must register a client with a
provider. The client registration information may than be used for configuring a
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>
using a
<a href="../../../../oauth2/client/registration/ClientRegistration.Builder.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration.Builder</code></a>.
<br>
<br>
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>(s)
are composed within a
<a href="../../../../oauth2/client/registration/ClientRegistrationRepository.html" title="interface in org.springframework.security.oauth2.client.registration"><code>ClientRegistrationRepository</code></a>,
which is <b>required</b> and must be registered with the <code>ApplicationContext</code>
or configured via <code>oauth2Login().clientRegistrationRepository(..)</code>. <br>
<br>
The default configuration provides an auto-generated login page at
<code>&quot;/login&quot;</code> and redirects to
<code>&quot;/login?error&quot;</code> when an authentication error occurs. The
login page will display each of the clients with a link that is capable of
initiating the &quot;authentication flow&quot;. <br>
<br>
<p>
<h2>Example Configuration</h2>
The following example shows the minimal configuration required, using Google as the
Authentication Provider.
<pre> &#064;Configuration
 public class OAuth2LoginConfig {

        &#064;EnableWebSecurity
        public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
                &#064;Override
                protected void configure(HttpSecurity http) throws Exception {
                        http
                                .authorizeRequests((authorizeRequests) -&gt;
                                        authorizeRequests
                                                .anyRequest().authenticated()
                                )
                                .oauth2Login(withDefaults());
                }
        }

        &#064;Bean
        public ClientRegistrationRepository clientRegistrationRepository() {
                return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
        }

        private ClientRegistration googleClientRegistration() {
                return ClientRegistration.withRegistrationId("google")
                        .clientId("google-client-id")
                        .clientSecret("google-client-secret")
                        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                        .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                        .scope("openid", "profile", "email", "address", "phone")
                        .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                        .tokenUri("https://www.googleapis.com/oauth2/v4/token")
                        .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
                        .userNameAttributeName(IdTokenClaimNames.SUB)
                        .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
                        .clientName("Google")
                        .build();
        }
 }
 </pre>
<p>
For more advanced configuration, see <a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2LoginConfigurer</code></a> for available
options to customize the defaults.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2LoginCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/oauth2/client/OAuth2LoginConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2LoginConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
Grant</a>,
<a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1
Authorization Code Flow</a>,
<a href="../../../../oauth2/client/registration/ClientRegistration.html" title="class in org.springframework.security.oauth2.client.registration"><code>ClientRegistration</code></a>,
<a href="../../../../oauth2/client/registration/ClientRegistrationRepository.html" title="interface in org.springframework.security.oauth2.client.registration"><code>ClientRegistrationRepository</code></a></dd>
</dl>
</li>
</ul>
<a id="oauth2Client()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Client</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2ClientConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;oauth2Client()
                                                  throws java.lang.Exception</pre>
<div class="block">Configures OAuth 2.0 Client support.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2ClientConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.1</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
Framework</a></dd>
</dl>
</li>
</ul>
<a id="oauth2Client(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Client</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;oauth2Client&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client">OAuth2ClientConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2ClientCustomizer)
                          throws java.lang.Exception</pre>
<div class="block">Configures OAuth 2.0 Client support.
<h2>Example Configuration</h2>
The following example demonstrates how to enable OAuth 2.0 Client support for all
endpoints.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .anyRequest().authenticated()
                        )
                        .oauth2Client(withDefaults());
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2ClientCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="../configurers/oauth2/client/OAuth2ClientConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.client"><code>OAuth2ClientConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
Framework</a></dd>
</dl>
</li>
</ul>
<a id="oauth2ResourceServer()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2ResourceServer</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource">OAuth2ResourceServerConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;oauth2ResourceServer()
                                                                  throws java.lang.Exception</pre>
<div class="block">Configures OAuth 2.0 Resource Server support.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource"><code>OAuth2ResourceServerConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.1</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
Framework</a></dd>
</dl>
</li>
</ul>
<a id="oauth2ResourceServer(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2ResourceServer</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;oauth2ResourceServer&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource">OAuth2ResourceServerConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;oauth2ResourceServerCustomizer)
                                  throws java.lang.Exception</pre>
<div class="block">Configures OAuth 2.0 Resource Server support.
<h2>Example Configuration</h2>
The following example demonstrates how to configure a custom JWT authentication
converter.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {

 &#064;Value("${spring.security.oauth2.resourceserver.jwt.key-value}")
 RSAPublicKey key;

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .anyRequest().authenticated()
                        )
                        .oauth2ResourceServer((oauth2ResourceServer) -&gt;
                                oauth2ResourceServer
                                        .jwt((jwt) -&gt;
                                                jwt
                                                        .decoder(jwtDecoder())
                                        )
                        );
        }

        &#064;Bean
        public JwtDecoder jwtDecoder() {
                return NimbusJwtDecoder.withPublicKey(this.key).build();
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2ResourceServerCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more
options for the <a href="../configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource"><code>OAuth2ResourceServerConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
Framework</a></dd>
</dl>
</li>
</ul>
<a id="requiresChannel()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requiresChannel</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ChannelSecurityConfigurer.ChannelRequestMatcherRegistry</a>&nbsp;requiresChannel()
                                                                        throws java.lang.Exception</pre>
<div class="block">Configures channel security. In order for this configuration to be useful at least
one mapping to a required channel must be provided.
<h2>Example Configuration</h2>
The example below demonstrates how to require HTTPs for every request. Only
requiring HTTPS for some requests is supported, but not recommended since an
application that allows for HTTP introduces many security vulnerabilities. For one
such example, read about
<a href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin()
                                .and().requiresChannel().anyRequest().requiresSecure();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/ChannelSecurityConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ChannelSecurityConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="requiresChannel(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requiresChannel</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;requiresChannel&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers">ChannelSecurityConfigurer.ChannelRequestMatcherRegistry</a>&gt;&nbsp;requiresChannelCustomizer)
                             throws java.lang.Exception</pre>
<div class="block">Configures channel security. In order for this configuration to be useful at least
one mapping to a required channel must be provided.
<h2>Example Configuration</h2>
The example below demonstrates how to require HTTPs for every request. Only
requiring HTTPS for some requests is supported, but not recommended since an
application that allows for HTTP introduces many security vulnerabilities. For one
such example, read about
<a href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .formLogin(withDefaults())
                        .requiresChannel((requiresChannel) -&gt;
                                requiresChannel
                                        .anyRequest().requiresSecure()
                        );
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>requiresChannelCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="../configurers/ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>ChannelSecurityConfigurer.ChannelRequestMatcherRegistry</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="httpBasic()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpBasic</h4>
<pre class="methodSignature">public&nbsp;<a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HttpBasicConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&nbsp;httpBasic()
                                            throws java.lang.Exception</pre>
<div class="block">Configures HTTP Basic authentication.
<h2>Example Configuration</h2>
The example below demonstrates how to configure HTTP Basic authentication for an
application. The default realm is "Realm", but can be customized using
<a href="../configurers/HttpBasicConfigurer.html#realmName(java.lang.String)"><code>HttpBasicConfigurer.realmName(String)</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().httpBasic();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HttpBasicConfigurer</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="httpBasic(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpBasic</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;httpBasic&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HttpBasicConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;httpBasicCustomizer)
                       throws java.lang.Exception</pre>
<div class="block">Configures HTTP Basic authentication.
<h2>Example Configuration</h2>
The example below demonstrates how to configure HTTP Basic authentication for an
application. The default realm is "Realm", but can be customized using
<a href="../configurers/HttpBasicConfigurer.html#realmName(java.lang.String)"><code>HttpBasicConfigurer.realmName(String)</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .httpBasic(withDefaults());
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>httpBasicCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="../configurers/HttpBasicConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HttpBasicConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="passwordManagement(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>passwordManagement</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;passwordManagement&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="../configurers/PasswordManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">PasswordManagementConfigurer</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;&gt;&nbsp;passwordManagementCustomizer)
                                throws java.lang.Exception</pre>
<div class="block">Adds support for the password management.
<h2>Example Configuration</h2> The example below demonstrates how to configure
password management for an application. The default change password page is
"/change-password", but can be customized using
<a href="../configurers/PasswordManagementConfigurer.html#changePasswordPage(java.lang.String)"><code>PasswordManagementConfigurer.changePasswordPage(String)</code></a>.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class PasswordManagementSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests(authorizeRequests -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .passwordManagement(passwordManagement -&gt;
                                passwordManagement
                                        .changePasswordPage(&quot;/custom-change-password-page&quot;)
                        );
  }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>passwordManagementCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="../configurers/PasswordManagementConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>PasswordManagementConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="authenticationManager(org.springframework.security.authentication.AuthenticationManager)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authenticationManager</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;authenticationManager&#8203;(<a href="../../../../authentication/AuthenticationManager.html" title="interface in org.springframework.security.authentication">AuthenticationManager</a>&nbsp;authenticationManager)</pre>
<div class="block">Configure the default <a href="../../../../authentication/AuthenticationManager.html" title="interface in org.springframework.security.authentication"><code>AuthenticationManager</code></a>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authenticationManager</code> - the <a href="../../../../authentication/AuthenticationManager.html" title="interface in org.springframework.security.authentication"><code>AuthenticationManager</code></a> to use</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="setSharedObject(java.lang.Class,java.lang.Object)">

</a><a id="setSharedObject(java.lang.Class,C)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>setSharedObject</h4>
<pre class="methodSignature">public&nbsp;&lt;C&gt;&nbsp;void&nbsp;setSharedObject&#8203;(java.lang.Class&lt;C&gt;&nbsp;sharedType,
                                C&nbsp;object)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html#setSharedObject(java.lang.Class,C)">AbstractConfiguredSecurityBuilder</a></code></span></div>
<div class="block">Sets an object that is shared by multiple <a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation"><code>SecurityConfigurer</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#setSharedObject(java.lang.Class,C)">setSharedObject</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../AbstractConfiguredSecurityBuilder.html#setSharedObject(java.lang.Class,C)">setSharedObject</a></code>&nbsp;in class&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractConfiguredSecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>sharedType</code> - the Class to key the shared object by.</dd>
<dd><code>object</code> - the Object to store</dd>
</dl>
</li>
</ul>
<a id="beforeConfigure()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>beforeConfigure</h4>
<pre class="methodSignature">protected&nbsp;void&nbsp;beforeConfigure()
                        throws java.lang.Exception</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html#beforeConfigure()">AbstractConfiguredSecurityBuilder</a></code></span></div>
<div class="block">Invoked prior to invoking each
<a href="../../SecurityConfigurer.html#configure(B)"><code>SecurityConfigurer.configure(SecurityBuilder)</code></a> method. Subclasses may
override this method to hook into the lifecycle without using a
<a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation"><code>SecurityConfigurer</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../AbstractConfiguredSecurityBuilder.html#beforeConfigure()">beforeConfigure</a></code>&nbsp;in class&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractConfiguredSecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="performBuild()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>performBuild</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>&nbsp;performBuild()</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html#performBuild()">AbstractConfiguredSecurityBuilder</a></code></span></div>
<div class="block">Subclasses must implement this method to build the object that is being returned.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../AbstractConfiguredSecurityBuilder.html#performBuild()">performBuild</a></code>&nbsp;in class&nbsp;<code><a href="../../AbstractConfiguredSecurityBuilder.html" title="class in org.springframework.security.config.annotation">AbstractConfiguredSecurityBuilder</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the Object to be buit or null if the implementation allows it</dd>
</dl>
</li>
</ul>
<a id="authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authenticationProvider</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;authenticationProvider&#8203;(<a href="../../../../authentication/AuthenticationProvider.html" title="interface in org.springframework.security.authentication">AuthenticationProvider</a>&nbsp;authenticationProvider)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../HttpSecurityBuilder.html#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)">HttpSecurityBuilder</a></code></span></div>
<div class="block">Allows adding an additional <a href="../../../../authentication/AuthenticationProvider.html" title="interface in org.springframework.security.authentication"><code>AuthenticationProvider</code></a> to be used</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)">authenticationProvider</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authenticationProvider</code> - the <a href="../../../../authentication/AuthenticationProvider.html" title="interface in org.springframework.security.authentication"><code>AuthenticationProvider</code></a> to be added</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="userDetailsService(org.springframework.security.core.userdetails.UserDetailsService)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>userDetailsService</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;userDetailsService&#8203;(<a href="../../../../core/userdetails/UserDetailsService.html" title="interface in org.springframework.security.core.userdetails">UserDetailsService</a>&nbsp;userDetailsService)
                                throws java.lang.Exception</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../HttpSecurityBuilder.html#userDetailsService(org.springframework.security.core.userdetails.UserDetailsService)">HttpSecurityBuilder</a></code></span></div>
<div class="block">Allows adding an additional <a href="../../../../core/userdetails/UserDetailsService.html" title="interface in org.springframework.security.core.userdetails"><code>UserDetailsService</code></a> to be used</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#userDetailsService(org.springframework.security.core.userdetails.UserDetailsService)">userDetailsService</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>userDetailsService</code> - the <a href="../../../../core/userdetails/UserDetailsService.html" title="interface in org.springframework.security.core.userdetails"><code>UserDetailsService</code></a> to be added</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.Exception</code></dd>
</dl>
</li>
</ul>
<a id="addFilterAfter(javax.servlet.Filter,java.lang.Class)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterAfter</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;addFilterAfter&#8203;(javax.servlet.Filter&nbsp;filter,
                                   java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;afterFilter)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../HttpSecurityBuilder.html#addFilterAfter(javax.servlet.Filter,java.lang.Class)">HttpSecurityBuilder</a></code></span></div>
<div class="block">Allows adding a <code>Filter</code> after one of the known <code>Filter</code> classes. The
known <code>Filter</code> instances are either a <code>Filter</code> listed in
<a href="../HttpSecurityBuilder.html#addFilter(javax.servlet.Filter)"><code>HttpSecurityBuilder.addFilter(Filter)</code></a> or a <code>Filter</code> that has already been added using
<a href="../HttpSecurityBuilder.html#addFilterAfter(javax.servlet.Filter,java.lang.Class)"><code>HttpSecurityBuilder.addFilterAfter(Filter, Class)</code></a> or <a href="../HttpSecurityBuilder.html#addFilterBefore(javax.servlet.Filter,java.lang.Class)"><code>HttpSecurityBuilder.addFilterBefore(Filter, Class)</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#addFilterAfter(javax.servlet.Filter,java.lang.Class)">addFilterAfter</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>filter</code> - the <code>Filter</code> to register after the type <code>afterFilter</code></dd>
<dd><code>afterFilter</code> - the Class of the known <code>Filter</code>.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="addFilterBefore(javax.servlet.Filter,java.lang.Class)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterBefore</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;addFilterBefore&#8203;(javax.servlet.Filter&nbsp;filter,
                                    java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;beforeFilter)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../HttpSecurityBuilder.html#addFilterBefore(javax.servlet.Filter,java.lang.Class)">HttpSecurityBuilder</a></code></span></div>
<div class="block">Allows adding a <code>Filter</code> before one of the known <code>Filter</code> classes. The
known <code>Filter</code> instances are either a <code>Filter</code> listed in
<a href="../HttpSecurityBuilder.html#addFilter(javax.servlet.Filter)"><code>HttpSecurityBuilder.addFilter(Filter)</code></a> or a <code>Filter</code> that has already been added using
<a href="../HttpSecurityBuilder.html#addFilterAfter(javax.servlet.Filter,java.lang.Class)"><code>HttpSecurityBuilder.addFilterAfter(Filter, Class)</code></a> or <a href="../HttpSecurityBuilder.html#addFilterBefore(javax.servlet.Filter,java.lang.Class)"><code>HttpSecurityBuilder.addFilterBefore(Filter, Class)</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#addFilterBefore(javax.servlet.Filter,java.lang.Class)">addFilterBefore</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>filter</code> - the <code>Filter</code> to register before the type <code>beforeFilter</code></dd>
<dd><code>beforeFilter</code> - the Class of the known <code>Filter</code>.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="addFilter(javax.servlet.Filter)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilter</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;addFilter&#8203;(javax.servlet.Filter&nbsp;filter)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../HttpSecurityBuilder.html#addFilter(javax.servlet.Filter)">HttpSecurityBuilder</a></code></span></div>
<div class="block">Adds a <code>Filter</code> that must be an instance of or extend one of the Filters
provided within the Security framework. The method ensures that the ordering of the
Filters is automatically taken care of.
The ordering of the Filters is:
<ul>
<li><a href="../../../../web/access/channel/ChannelProcessingFilter.html" title="class in org.springframework.security.web.access.channel"><code>ChannelProcessingFilter</code></a></li>
<li><a href="../../../../web/context/SecurityContextPersistenceFilter.html" title="class in org.springframework.security.web.context"><code>SecurityContextPersistenceFilter</code></a></li>
<li><a href="../../../../web/authentication/logout/LogoutFilter.html" title="class in org.springframework.security.web.authentication.logout"><code>LogoutFilter</code></a></li>
<li><a href="../../../../web/authentication/preauth/x509/X509AuthenticationFilter.html" title="class in org.springframework.security.web.authentication.preauth.x509"><code>X509AuthenticationFilter</code></a></li>
<li><a href="../../../../web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth"><code>AbstractPreAuthenticatedProcessingFilter</code></a></li>
<li><a href="../../../../cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
<li><a href="../../../../web/authentication/UsernamePasswordAuthenticationFilter.html" title="class in org.springframework.security.web.authentication"><code>UsernamePasswordAuthenticationFilter</code></a></li>
<li><a href="../../../../openid/OpenIDAuthenticationFilter.html" title="class in org.springframework.security.openid"><code>OpenIDAuthenticationFilter</code></a></li>
<li><a href="../../../../web/authentication/ui/DefaultLoginPageGeneratingFilter.html" title="class in org.springframework.security.web.authentication.ui"><code>DefaultLoginPageGeneratingFilter</code></a></li>
<li><a href="../../../../web/authentication/ui/DefaultLogoutPageGeneratingFilter.html" title="class in org.springframework.security.web.authentication.ui"><code>DefaultLogoutPageGeneratingFilter</code></a></li>
<li><a href="../../../../web/session/ConcurrentSessionFilter.html" title="class in org.springframework.security.web.session"><code>ConcurrentSessionFilter</code></a></li>
<li><a href="../../../../web/authentication/www/DigestAuthenticationFilter.html" title="class in org.springframework.security.web.authentication.www"><code>DigestAuthenticationFilter</code></a></li>
<li><a href="../../../../oauth2/server/resource/web/BearerTokenAuthenticationFilter.html" title="class in org.springframework.security.oauth2.server.resource.web"><code>BearerTokenAuthenticationFilter</code></a></li>
<li><a href="../../../../web/authentication/www/BasicAuthenticationFilter.html" title="class in org.springframework.security.web.authentication.www"><code>BasicAuthenticationFilter</code></a></li>
<li><a href="../../../../web/savedrequest/RequestCacheAwareFilter.html" title="class in org.springframework.security.web.savedrequest"><code>RequestCacheAwareFilter</code></a></li>
<li><a href="../../../../web/servletapi/SecurityContextHolderAwareRequestFilter.html" title="class in org.springframework.security.web.servletapi"><code>SecurityContextHolderAwareRequestFilter</code></a></li>
<li><a href="../../../../web/jaasapi/JaasApiIntegrationFilter.html" title="class in org.springframework.security.web.jaasapi"><code>JaasApiIntegrationFilter</code></a></li>
<li><a href="../../../../web/authentication/rememberme/RememberMeAuthenticationFilter.html" title="class in org.springframework.security.web.authentication.rememberme"><code>RememberMeAuthenticationFilter</code></a></li>
<li><a href="../../../../web/authentication/AnonymousAuthenticationFilter.html" title="class in org.springframework.security.web.authentication"><code>AnonymousAuthenticationFilter</code></a></li>
<li><a href="../../../../web/session/SessionManagementFilter.html" title="class in org.springframework.security.web.session"><code>SessionManagementFilter</code></a></li>
<li><a href="../../../../web/access/ExceptionTranslationFilter.html" title="class in org.springframework.security.web.access"><code>ExceptionTranslationFilter</code></a></li>
<li><a href="../../../../web/access/intercept/FilterSecurityInterceptor.html" title="class in org.springframework.security.web.access.intercept"><code>FilterSecurityInterceptor</code></a></li>
<li><a href="../../../../web/authentication/switchuser/SwitchUserFilter.html" title="class in org.springframework.security.web.authentication.switchuser"><code>SwitchUserFilter</code></a></li>
</ul></div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../HttpSecurityBuilder.html#addFilter(javax.servlet.Filter)">addFilter</a></code>&nbsp;in interface&nbsp;<code><a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&gt;</code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>filter</code> - the <code>Filter</code> to add</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="addFilterAt(javax.servlet.Filter,java.lang.Class)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterAt</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;addFilterAt&#8203;(javax.servlet.Filter&nbsp;filter,
                                java.lang.Class&lt;? extends javax.servlet.Filter&gt;&nbsp;atFilter)</pre>
<div class="block">Adds the Filter at the location of the specified Filter class. For example, if you
want the filter CustomFilter to be registered in the same position as
<a href="../../../../web/authentication/UsernamePasswordAuthenticationFilter.html" title="class in org.springframework.security.web.authentication"><code>UsernamePasswordAuthenticationFilter</code></a>, you can invoke:
<pre> addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
 </pre>
Registration of multiple Filters in the same location means their ordering is not
deterministic. More concretely, registering multiple Filters in the same location
does not override existing Filters. Instead, do not register Filters you do not
want to use.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>filter</code> - the Filter to register</dd>
<dd><code>atFilter</code> - the location of another <code>Filter</code> that is already registered
(i.e. known) with Spring Security.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="requestMatchers()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestMatchers</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.RequestMatcherConfigurer</a>&nbsp;requestMatchers()</pre>
<div class="block">Allows specifying which <code>HttpServletRequest</code> instances this
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> will be invoked on. This method allows for easily invoking the
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for multiple different <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> instances. If
only a single <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> is necessary consider using
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>, <a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>,
<a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, or <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
<p>
Invoking <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a> will not override previous invocations of
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>}, <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p>
<h3>Example Configurations</h3>
The following configuration enables the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for URLs that begin
with "/api/" or "/oauth/".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers()
                                .antMatchers(&quot;/api/**&quot;, &quot;/oauth/**&quot;)
                                .and()
                        .authorizeRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .httpBasic();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth
                        .inMemoryAuthentication()
                                .withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
The configuration below is the same as the previous configuration.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers()
                                .antMatchers(&quot;/api/**&quot;)
                                .antMatchers(&quot;/oauth/**&quot;)
                                .and()
                        .authorizeRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .httpBasic();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth
                        .inMemoryAuthentication()
                                .withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre>
The configuration below is also the same as the above configuration.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers()
                                .antMatchers(&quot;/api/**&quot;)
                                .and()
                         .requestMatchers()
                                .antMatchers(&quot;/oauth/**&quot;)
                                .and()
                        .authorizeRequests()
                                .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                                .and()
                        .httpBasic();
        }

        &#064;Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth
                        .inMemoryAuthentication()
                                .withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);
        }
 }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity.RequestMatcherConfigurer</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="requestMatchers(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestMatchers</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;requestMatchers&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity.RequestMatcherConfigurer</a>&gt;&nbsp;requestMatcherCustomizer)</pre>
<div class="block">Allows specifying which <code>HttpServletRequest</code> instances this
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> will be invoked on. This method allows for easily invoking the
<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for multiple different <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> instances. If
only a single <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> is necessary consider using
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>, <a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>,
<a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, or <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
<p>
Invoking <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a> will not override previous invocations of
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>}, <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p>
<h3>Example Configurations</h3>
The following configuration enables the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for URLs that begin
with "/api/" or "/oauth/".
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers((requestMatchers) -&gt;
                                requestMatchers
                                        .antMatchers(&quot;/api/**&quot;, &quot;/oauth/**&quot;)
                        )
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .httpBasic(withDefaults());
        }
 }
 </pre>
The configuration below is the same as the previous configuration.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers((requestMatchers) -&gt;
                                requestMatchers
                                        .antMatchers(&quot;/api/**&quot;)
                                        .antMatchers(&quot;/oauth/**&quot;)
                        )
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .httpBasic(withDefaults());
        }
 }
 </pre>
The configuration below is also the same as the above configuration.
<pre> &#064;Configuration
 &#064;EnableWebSecurity
 public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {

        &#064;Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .requestMatchers((requestMatchers) -&gt;
                                requestMatchers
                                        .antMatchers(&quot;/api/**&quot;)
                        )
                        .requestMatchers((requestMatchers) -&gt;
                        requestMatchers
                                .antMatchers(&quot;/oauth/**&quot;)
                        )
                        .authorizeRequests((authorizeRequests) -&gt;
                                authorizeRequests
                                        .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
                        )
                        .httpBasic(withDefaults());
        }
 }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>requestMatcherCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="HttpSecurity.RequestMatcherConfigurer.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity.RequestMatcherConfigurer</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
</dl>
</li>
</ul>
<a id="requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestMatcher</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;requestMatcher&#8203;(<a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher">RequestMatcher</a>&nbsp;requestMatcher)</pre>
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a>. If more advanced configuration is necessary,
consider using <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>.
<p>
Invoking <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a> will override previous invocations
of <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>, <a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>requestMatcher</code> - the <a href="../../../../web/util/matcher/RequestMatcher.html" title="interface in org.springframework.security.web.util.matcher"><code>RequestMatcher</code></a> to use (i.e. new
AntPathRequestMatcher("/admin/**","GET") )</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>,
<a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a></dd>
</dl>
</li>
</ul>
<a id="antMatcher(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>antMatcher</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;antMatcher&#8203;(java.lang.String&nbsp;antPattern)</pre>
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided ant pattern. If more advanced configuration is necessary, consider using
<a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a> or <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
<p>
Invoking <a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a> will override previous invocations of
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>}, <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>antPattern</code> - the Ant Pattern to match on (i.e. "/admin/**")</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/util/matcher/AntPathRequestMatcher.html" title="class in org.springframework.security.web.util.matcher"><code>AntPathRequestMatcher</code></a></dd>
</dl>
</li>
</ul>
<a id="mvcMatcher(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>mvcMatcher</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;mvcMatcher&#8203;(java.lang.String&nbsp;mvcPattern)</pre>
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided Spring MVC pattern. If more advanced configuration is necessary, consider
using <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a> or <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
<p>
Invoking <a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a> will override previous invocations of
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>}, <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>mvcPattern</code> - the Spring MVC Pattern to match on (i.e. "/admin/**")</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/servlet/util/matcher/MvcRequestMatcher.html" title="class in org.springframework.security.web.servlet.util.matcher"><code>MvcRequestMatcher</code></a></dd>
</dl>
</li>
</ul>
<a id="regexMatcher(java.lang.String)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>regexMatcher</h4>
<pre class="methodSignature">public&nbsp;<a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders">HttpSecurity</a>&nbsp;regexMatcher&#8203;(java.lang.String&nbsp;pattern)</pre>
<div class="block">Allows configuring the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> to only be invoked when matching the
provided regex pattern. If more advanced configuration is necessary, consider using
<a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a> or <a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
<p>
Invoking <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a> will override previous invocations of
<a href="HttpSecurity.html#mvcMatcher(java.lang.String)"><code>mvcMatcher(String)</code></a>}, <a href="HttpSecurity.html#requestMatchers()"><code>requestMatchers()</code></a>,
<a href="HttpSecurity.html#antMatcher(java.lang.String)"><code>antMatcher(String)</code></a>, <a href="HttpSecurity.html#regexMatcher(java.lang.String)"><code>regexMatcher(String)</code></a>, and
<a href="HttpSecurity.html#requestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)"><code>requestMatcher(RequestMatcher)</code></a>.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>pattern</code> - the Regular Expression to match on (i.e. "/admin/.+")</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HttpSecurity.html" title="class in org.springframework.security.config.annotation.web.builders"><code>HttpSecurity</code></a> for further customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/util/matcher/RegexRequestMatcher.html" title="class in org.springframework.security.web.util.matcher"><code>RegexRequestMatcher</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="HttpSecurity.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="HttpSecurity.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HttpSecurity.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040d003da7a980c","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
